Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/M0jUMKSQR2zrwHynPycPavWLEfE.roa
File:                     M0jUMKSQR2zrwHynPycPavWLEfE.roa (raw, json)
Hash identifier:          K/MT/SUDxvxnWQ/dR4hE13D5kIJdP2E3xlT0D6Wxtc8=
Subject key identifier:   33:48:D4:30:A4:90:47:6C:EB:C0:7C:A7:3F:27:0F:6A:F5:8B:11:F1
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       0191C249332B106B3FCB2F3C8A94114E95A2
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/M0jUMKSQR2zrwHynPycPavWLEfE.roa
Signing time:             Thu 05 Sep 2024 13:04:22 +0000
ROA not before:           Thu 05 Sep 2024 13:04:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.100.1.0/24 maxlen: 24
                          217.30.89.0/24 maxlen: 24
                          2a10:eec0:d::/48 maxlen: 48
                          2a10:eec0:e::/47 maxlen: 47
                          2a10:eec0:10::/44 maxlen: 44
                          2a10:eec0:20::/43 maxlen: 43
                          2a10:eec0:40::/42 maxlen: 42
                          2a10:eec0:80::/41 maxlen: 41
                          2a10:eec0:100::/40 maxlen: 40
                          2a10:eec0:200::/39 maxlen: 39
                          2a10:eec0:400::/38 maxlen: 38
                          2a10:eec0:800::/37 maxlen: 37
                          2a10:eec0:1000::/36 maxlen: 36
                          2a10:eec0:2000::/35 maxlen: 35
                          2a10:eec0:4000::/34 maxlen: 34
                          2a10:eec0:8000::/33 maxlen: 33
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c2:49:33:2b:10:6b:3f:cb:2f:3c:8a:94:11:4e:95:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Sep  5 13:04:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3348d430a490476cebc07ca73f270f6af58b11f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:1f:68:15:3d:3d:5f:50:90:1a:82:7a:41:07:
                    f1:6e:ef:0e:e4:e7:68:64:68:fa:1b:98:cb:bb:e0:
                    67:45:00:ec:8b:fc:1a:8b:82:44:d2:3e:90:37:58:
                    99:0e:d3:75:68:59:3a:75:5c:08:53:80:fe:ce:04:
                    b2:2c:88:48:6d:2c:66:51:86:d1:57:dc:8a:a8:0b:
                    46:71:17:e6:fd:79:20:d0:01:8c:42:00:c4:26:ed:
                    0b:f2:4e:fe:d3:05:ef:e3:e7:37:02:48:6c:c1:9b:
                    0e:bd:f7:c0:f9:75:ba:79:37:49:f8:96:42:18:c3:
                    3a:f9:46:13:e3:10:fa:ba:40:42:a3:e0:c7:79:d6:
                    14:f8:29:fd:53:71:52:08:2d:85:6b:2a:98:d3:b2:
                    44:d0:3e:d3:bb:6e:38:61:ad:6a:6c:40:c8:1f:cd:
                    c9:81:08:85:b3:87:8c:1f:9e:0b:bd:73:be:c2:dc:
                    5e:52:eb:da:eb:3f:b6:80:c8:7a:fd:3b:ed:7d:09:
                    41:43:3f:0e:b9:46:f2:c7:ee:51:43:2d:5a:62:af:
                    fa:2a:8a:ae:f6:2a:14:22:bf:25:d9:43:45:95:24:
                    93:f8:e5:af:70:4c:e2:0f:9f:19:a5:fc:a4:81:b7:
                    2f:18:38:12:65:49:60:97:d5:38:cf:dd:e2:70:ec:
                    d8:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:48:D4:30:A4:90:47:6C:EB:C0:7C:A7:3F:27:0F:6A:F5:8B:11:F1
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/M0jUMKSQR2zrwHynPycPavWLEfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.1.0/24
                  217.30.89.0/24
                IPv6:
                  2a10:eec0:d::-2a10:eec0:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         1f:97:da:bf:a0:99:08:1a:4b:bb:b6:a1:72:e7:64:4c:44:b1:
         15:94:07:b3:a9:22:43:16:e9:eb:10:2b:1a:12:61:9e:c4:3f:
         a3:19:dc:1c:0b:22:66:0b:9e:e0:2e:ca:55:9e:a9:50:12:0f:
         3a:a8:53:55:e1:dc:75:8c:64:43:19:21:b5:b1:19:96:b9:9d:
         b9:69:2b:23:60:9f:91:60:03:92:8a:f3:0b:62:e8:ee:7f:9d:
         e8:80:25:52:7f:cf:6e:42:c5:98:b0:86:a1:6c:43:92:fd:1b:
         58:d1:e0:dd:f1:26:3e:0e:c1:17:55:f1:8a:21:a4:3c:75:fd:
         ed:57:92:dd:5c:31:8e:20:82:39:88:9f:a8:9c:2a:7c:1d:dc:
         62:fa:a7:af:d0:30:6b:98:d5:ed:de:9f:9e:f8:d6:45:7d:3b:
         f0:67:0c:c9:a5:46:17:e8:7a:59:eb:26:42:d1:32:7a:83:d1:
         03:d3:fe:2a:de:df:e3:f0:5b:3e:d0:78:54:3e:3c:10:e1:8d:
         96:36:bb:e5:3f:8e:bf:44:92:38:d4:4d:22:ea:3e:85:43:34:
         53:e5:cf:ee:f9:4d:a2:18:1f:ec:4d:3f:f1:cf:bb:e9:21:49:
         7c:c2:3d:f8:d9:6e:d1:3e:8e:a0:39:13:c5:f8:4f:c9:fb:c7:
         23:3f:3f:64
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZHCSTMrEGs/yy88ipQRTpWiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwOTA1MTMwNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzQ4ZDQzMGE0OTA0NzZjZWJjMDdjYTczZjI3MGY2YWY1OGIxMWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmR9oFT09X1CQGoJ6QQfxbu8O5Odo
ZGj6G5jLu+BnRQDsi/wai4JE0j6QN1iZDtN1aFk6dVwIU4D+zgSyLIhIbSxmUYbR
V9yKqAtGcRfm/Xkg0AGMQgDEJu0L8k7+0wXv4+c3AkhswZsOvffA+XW6eTdJ+JZC
GMM6+UYT4xD6ukBCo+DHedYU+Cn9U3FSCC2FayqY07JE0D7Tu244Ya1qbEDIH83J
gQiFs4eMH54LvXO+wtxeUuva6z+2gMh6/TvtfQlBQz8OuUbyx+5RQy1aYq/6Koqu
9ioUIr8l2UNFlSST+OWvcEziD58ZpfykgbcvGDgSZUlgl9U4z93icOzYsQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFDNI1DCkkEds68B8pz8nD2r1ixHxMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvTTBqVU1LU1FSMnpyd0h5blB5Y1BhdldMRWZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjASBAIAATAMAwQAuWQBAwQA
2R5ZMBgEAgACMBIwEAMHACoQ7sAADQMFACoQ7sAwDQYJKoZIhvcNAQELBQADggEB
AB+X2r+gmQgaS7u2oXLnZExEsRWUB7OpIkMW6esQKxoSYZ7EP6MZ3BwLImYLnuAu
ylWeqVASDzqoU1Xh3HWMZEMZIbWxGZa5nblpKyNgn5FgA5KK8wti6O5/neiAJVJ/
z25CxZiwhqFsQ5L9G1jR4N3xJj4OwRdV8YohpDx1/e1Xkt1cMY4ggjmIn6icKnwd
3GL6p6/QMGuY1e3en5741kV9O/BnDMmlRhfoelnrJkLRMnqD0QPT/ire3+PwWz7Q
eFQ+PBDhjZY2u+U/jr9EkjjUTSLqPoVDNFPlz+75TaIYH+xNP/HPu+khSXzCPfjZ
btE+jqA5E8X4T8n7xyM/P2Q=
-----END CERTIFICATE-----